DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This is in response to the correspondence filed on 03/25/21.  Claims 1-23 are still pending and have been considered below.

Claim Objections
The amendments and/or arguments submitted by Applicants have been considered and are persuasive; thus, the previous claim objection(s) have been withdrawn.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Albert et al. (2003/0177389) in view of Tak et al. (2014/0136896).
Claim 1:  Albert et al. discloses a computer program product for operating a firewall to selectively forward network communications between a first network interface of the firewall 
determining an identity of an application that originated the request on the endpoint based on an application identity contained in a packet carrying the request (application permission rule) [page 9, paragraph 0083];
determining a security state of the application that originated the request (client device enforcing required corporate security policies) [page 10, paragraph 0085]; and
conditionally forwarding the request to the server only when the identity of the application is recognized and the security state of the application is uncompromised (managing access on a per application basis and permitting/denying access to client device depending on whether or not integrity server detects problem) [page 8, paragraphs 0072 & 0075];
but does not explicitly disclose that determining a security state of the application further includes by querying a security data recorder on the endpoint.
However, Tak et al. discloses a similar invention [page 1, paragraph 0016 | page 2, paragraph 0019] and further discloses determining a security state of the application by querying a security data recorder on the endpoint (monitoring agent detects and logs events occurring at respective server(s) which allows for the determining and diagnosing of any errors/warnings associated with a distributed application) [page 2, paragraphs 0018 & 0020 | pages 2-3, paragraphs 0029-0030].
Albert et al. with the additional features of Tak et al., in order to provide an improved technique for tracing the root cause of problems detected in distributed applications, as suggested by Tak et al. [page 3, paragraph 0034].
Claim 2:  Albert et al. and Tak et al. disclose the computer program product of claim 1 and Albert et al. further discloses wherein determining the security state of the application that originated the request includes determining the security state based on a secure heartbeat included in the packet [page 10, paragraph 0085].
Claim 3:  Albert et al. and Tak et al. disclose the computer program product of claim 1 and Albert et al. further discloses wherein determining the security state of the application includes traversing a causal chain of events on the endpoint to identify a root cause of the request (determine if applicable to event) [page 9, paragraph 0083 | page 10, paragraphs 0085-0097] [Tak et al.: page 3, paragraph 0032].
Claim 4:  Albert et al. and Tak et al. disclose the computer program product of claim 1 and Albert et al. further discloses wherein conditionally forwarding the request to the server includes conditionally forwarding the request to the server only when the security state of the endpoint is uncompromised (compliant client device would not be denied access to network/resources) [page 10, paragraph 0096].
Claim 5:  Albert et al. discloses a firewall configured to selectively forward network communications, the firewall comprising:
a first network interface operable to couple to an endpoint [figure 3];

a processor in the firewall, the processor configured to respond to a request from the endpoint to the remote resource for a service by performing the steps of:
determining an identity of an application that originated the request on the endpoint [page 9, paragraph 0083],
determining a security state of the application [page 10, paragraph 0085], and 
conditionally forwarding the request to the server only when the identity of the application is recognized and the security state of the application is uncompromised [page 8, paragraphs 0072 & 0075];
but does not explicitly disclose that determining a security state of the application further includes by querying a security data recorder on the endpoint.
However, Tak et al. discloses a similar invention [page 1, paragraph 0016 | page 2, paragraph 0019] and further discloses determining a security state of the application by querying a security data recorder on the endpoint [page 2, paragraphs 0018 & 0020 | pages 2-3, paragraphs 0029-0030].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the disclosure of Albert et al. with the additional features of Tak et al., in order to provide an improved technique for tracing the root cause of problems detected in distributed applications, as suggested by Tak et al. [page 3, paragraph 0034].
Claim 6:  Albert et al. and Tak et al. disclose the firewall of claim 5 and Albert et al. further discloses wherein determining the identity of the application includes following a causal chain Tak et al.: page 3, paragraph 0032].
Claim 7:  Albert et al. and Tak et al. disclose the firewall of claim 5 and Albert et al. further discloses wherein the firewall is locally coupled to the remote resource [page 2, paragraph 0017 | page 8, paragraph 0075].
Claim 8:  Albert et al. and Tak et al. disclose the firewall of claim 5 and Albert et al. further discloses wherein the firewall is locally coupled to the endpoint [page 2, paragraph 0016 | page 8, paragraph 0075].
Claim 9:  Albert et al. and Tak et al. disclose the firewall of claim 5 and Albert et al. further discloses wherein the endpoint and the remote resource are peers coupled together through a peer-to-peer network [page 3, paragraph 0019 | page 5, paragraph 0047].
Claim 10:  Albert et al. and Tak et al. disclose the firewall of claim 5 and Albert et al. further discloses wherein the identity of the application is extracted from the request [page 9, paragraph 0083].
Claim 11:  Albert et al. and Tak et al. disclose the firewall of claim 5 and Albert et al. further discloses wherein the security state of the application is extracted from the request [page 10, paragraph 0085].
Claim 12:  Albert et al. and Tak et al. disclose the firewall of claim 5 and Albert et al. further discloses wherein conditionally forwarding the request includes conditionally forwarding the request to the server only when the security state of the endpoint is uncompromised [page 8, paragraphs 0072 & 0075].
Claim 13:  Albert et al. and Tak et al. disclose the firewall of claim 5 and Albert et al. further discloses wherein determining the security state of the application includes querying the endpoint from the firewall for indicia of compromise [page 8, paragraph 0074 | page 10, paragraph 0085].
Claim 14:  Albert et al. and Tak et al. disclose the firewall of claim 5 and Albert et al. further discloses wherein determining the identity of the application includes querying the endpoint from the firewall for the identity [page 8, paragraph 0074 | page 9, paragraph 0083].
Claim 15:  Albert et al. and Tak et al. disclose the firewall of claim 5 and Albert et al. further discloses wherein the processor is further configured to perform the steps of monitoring a pattern of traffic to the remote resource from a plurality of endpoints and automatically developing a rule for acceptable connections to the server based on the pattern of traffic (merged policies) [page 11, paragraphs 0106-0107].
Claim 16:  Albert et al. and Tak et al. disclose the firewall of claim 5 and Albert et al. further discloses wherein the request from the endpoint includes credentials authenticating the application to the server [page 3, paragraph 0023 | page 10, paragraphs 0084-0085].
Claim 17:  Albert et al. and Tak et al. disclose the firewall of claim 5 and Albert et al. further discloses wherein the request from the endpoint contains an encrypted heartbeat containing information about a state of the endpoint (information communicated through SSL/VPN connection(s) and/or by utilizing cryptographic hashes) [page 3, paragraphs 0021 & 0023 | page 10, paragraph 0085].
Claim 18:  Albert et al. and Tak et al. disclose the firewall of claim 5 and Albert et al. further discloses wherein determining the security state of the application includes querying the endpoint for at least one of credentials authenticating the application to the server, credentials authenticating a user of the endpoint to the server, or an encrypted heartbeat containing 
Claim 19:  Albert et al. and Tak et al. disclose the firewall of claim 5 and Albert et al. further discloses wherein the processor is further configured to transmit a notification to the endpoint when an indication of compromise is detected for the application [page 8, paragraph 0072 | page 11, paragraph 0100].
Claim 20:  Albert et al. discloses a method for operating a firewall to selectively forward network communications between a first network interface of the firewall operable to couple to an endpoint and a second network interface of the firewall operable to couple to a remote resource hosted at a server, the method including responding to a request from the endpoint to the remote resource by performing the steps of:
determining an identity of an application that originated the request on the endpoint [page 9, paragraph 0083];
determining a security state of the application [page 10, paragraph 0085]; and 
conditionally forwarding the request to the server only when the identity of the application is recognized and the security state of the application is uncompromised [page 8, paragraphs 0072 & 0075];
but does not explicitly disclose that determining a security state of the application further includes by querying a security data recorder on the endpoint.
However, Tak et al. discloses a similar invention [page 1, paragraph 0016 | page 2, paragraph 0019] and further discloses determining a security state of the application by querying a security data recorder on the endpoint [page 2, paragraphs 0018 & 0020 | pages 2-3, paragraphs 0029-0030].
Albert et al. with the additional features of Tak et al., in order to provide an improved technique for tracing the root cause of problems detected in distributed applications, as suggested by Tak et al. [page 3, paragraph 0034].
Claim 21:  Albert et al. and Tak et al. disclose the method of claim 20 and Tak et al. further discloses wherein querying the security data recorder includes querying the security data recorder to identify a root cause of the request [page 3, paragraph 0032].
Claim 22:  Albert et al. and Tak et al. disclose the firewall of claim 5 and Tak et al. further discloses wherein querying the security data recorder includes querying the security data recorder to identify a root cause of the request [page 3, paragraph 0032].
Claim 23:  Albert et al. and Tak et al. disclose the computer program product of claim 1 and Tak et al. further discloses wherein querying the security data recorder includes querying the security data recorder to identify a root cause of the request [page 3, paragraph 0032].

Response to Arguments
Applicant’s arguments with respect to the claim(s) have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDWARD ZEE whose telephone number is (571)270-1686.  The examiner can normally be reached on Monday-Friday 9AM-5PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571)272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications 



/EDWARD ZEE/Primary Examiner, Art Unit 2435